Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/MHOAoAb2Ho9DxPt7JuVse69xYFQ.roa
File:                     MHOAoAb2Ho9DxPt7JuVse69xYFQ.roa (raw, json)
Hash identifier:          CZN6ObcxQQuFBfuKs7zHMPPVIUln034kEHNFCP0mLCc=
Subject key identifier:   30:73:80:A0:06:F6:1E:8F:43:C4:FB:7B:26:E5:6C:7B:AF:71:60:54
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019334A8AD63C983D61D5556C1437DE3691A
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/MHOAoAb2Ho9DxPt7JuVse69xYFQ.roa
Signing time:             Sat 16 Nov 2024 11:08:09 +0000
ROA not before:           Sat 16 Nov 2024 11:08:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151106
IP address blocks:        103.216.172.0/24 maxlen: 24
                          103.216.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:34:a8:ad:63:c9:83:d6:1d:55:56:c1:43:7d:e3:69:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Nov 16 11:08:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=307380a006f61e8f43c4fb7b26e56c7baf716054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:1f:0e:23:5a:92:06:fb:06:78:d6:f2:dd:
                    de:3a:85:54:ee:7b:62:29:56:5b:76:f2:11:af:aa:
                    20:ac:c9:3b:f4:68:57:69:e0:e2:9d:a0:2c:85:f3:
                    45:f1:14:0c:59:7c:22:39:a6:35:f9:55:ae:cc:65:
                    38:97:56:a3:fe:a8:53:68:88:f7:8a:8f:06:dd:6a:
                    c8:3f:21:41:8e:3f:25:32:61:df:20:fd:45:a6:a0:
                    02:e6:9d:fe:ce:62:de:49:f6:c8:3f:ff:9d:0d:19:
                    51:2f:89:8e:74:6d:13:a7:f7:c7:8c:28:a2:60:fc:
                    e2:ae:f7:75:4c:9e:e1:31:d3:3b:0c:c7:92:2d:ba:
                    66:18:ae:a9:f3:01:34:0a:ac:9b:63:ca:0c:e6:68:
                    da:36:b3:bb:47:4e:d8:e5:1b:1c:e9:ea:32:a8:45:
                    54:8a:08:15:b8:ba:11:4c:7d:35:ae:d4:db:4f:99:
                    a2:79:00:1c:c5:1a:95:20:1d:b5:c5:89:4b:43:1e:
                    61:a9:8b:8a:16:7e:79:4e:aa:51:f0:72:47:44:00:
                    c5:33:7a:60:10:44:99:f4:ff:53:84:d5:82:7f:13:
                    c3:e7:1d:e7:94:d9:37:88:36:63:50:99:b1:56:33:
                    bd:2f:af:88:4f:7b:c5:78:5a:47:e6:33:b9:d9:3b:
                    8c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:73:80:A0:06:F6:1E:8F:43:C4:FB:7B:26:E5:6C:7B:AF:71:60:54
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/MHOAoAb2Ho9DxPt7JuVse69xYFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:90:30:43:bf:5a:f6:28:7b:1a:cd:c1:a1:7d:51:d1:21:c7:
         27:4f:6d:58:52:33:fe:05:c4:fc:08:be:23:44:f1:67:99:02:
         52:34:f7:4e:e0:53:30:3f:3d:d2:07:ca:82:cd:34:64:9f:56:
         cd:ad:c3:76:6d:26:7f:7b:bb:b9:22:8a:3f:ad:82:a5:2a:a9:
         3f:c0:0b:34:e4:7b:63:de:64:35:f4:e3:46:0f:0c:f7:74:2b:
         07:35:e1:6a:bc:99:bd:c5:31:fa:74:63:ff:db:63:fb:1b:5f:
         91:3c:fb:84:4b:cb:77:75:ca:4b:b0:9d:c0:86:fa:c6:b5:de:
         9e:7c:b6:50:a2:45:42:a3:98:b5:8c:b5:b6:b1:f4:93:b1:b0:
         26:5c:3d:db:a8:75:21:a8:71:03:5e:32:b8:ca:1d:25:b5:4e:
         f7:e5:c3:5b:d1:bd:fe:47:95:6a:22:55:30:a6:a8:57:45:d0:
         93:cb:a5:8c:f5:cc:b2:a6:ff:32:54:2e:2f:b7:85:33:b1:d9:
         0c:ff:24:79:56:17:00:4f:d1:27:2a:2c:1a:d8:cf:07:05:95:
         0e:3d:3a:65:33:a2:b0:4a:da:7b:19:fb:ad:9d:f5:64:1a:de:
         43:f0:eb:4c:ac:57:96:21:9f:14:5b:5a:1c:19:27:c2:e7:90:
         13:01:d7:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZM0qK1jyYPWHVVWwUN942kaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQxMTE2MTEwODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDczODBhMDA2ZjYxZThmNDNjNGZiN2IyNmU1NmM3YmFmNzE2MDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6sfDiNakgb7BnjW8t3eOoVU7nti
KVZbdvIRr6ogrMk79GhXaeDinaAshfNF8RQMWXwiOaY1+VWuzGU4l1aj/qhTaIj3
io8G3WrIPyFBjj8lMmHfIP1FpqAC5p3+zmLeSfbIP/+dDRlRL4mOdG0Tp/fHjCii
YPzirvd1TJ7hMdM7DMeSLbpmGK6p8wE0CqybY8oM5mjaNrO7R07Y5Rsc6eoyqEVU
iggVuLoRTH01rtTbT5mieQAcxRqVIB21xYlLQx5hqYuKFn55TqpR8HJHRADFM3pg
EESZ9P9ThNWCfxPD5x3nlNk3iDZjUJmxVjO9L6+IT3vFeFpH5jO52TuMdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBzgKAG9h6PQ8T7eyblbHuvcWBUMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvTUhPQW9BYjJIbzlEeFB0N0p1VnNlNjl4WUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZ9isMA0G
CSqGSIb3DQEBCwUAA4IBAQBOkDBDv1r2KHsazcGhfVHRIccnT21YUjP+BcT8CL4j
RPFnmQJSNPdO4FMwPz3SB8qCzTRkn1bNrcN2bSZ/e7u5Ioo/rYKlKqk/wAs05Htj
3mQ19ONGDwz3dCsHNeFqvJm9xTH6dGP/22P7G1+RPPuES8t3dcpLsJ3AhvrGtd6e
fLZQokVCo5i1jLW2sfSTsbAmXD3bqHUhqHEDXjK4yh0ltU735cNb0b3+R5VqIlUw
pqhXRdCTy6WM9cyypv8yVC4vt4UzsdkM/yR5VhcAT9EnKiwa2M8HBZUOPTplM6Kw
Stp7GfutnfVkGt5D8OtMrFeWIZ8UW1ocGSfC55ATAdem
-----END CERTIFICATE-----